Reading syslog/journalctl with PHP

[NotionCommotion]

I would like to allow an embedded webserver to view the server's system logs.  The PHP UX will allow user to:

1. Select start/finish dates or select "real time" mode which will mimic journalctl -f.
   
2. Select the user(s) who is logging the data similar to journalctl -u httpd.
   
3. Optionally save the output in a file which will be downloaded to the webclient after the log is run (or canceled if using real time mode).
   

 

When a hard start and finish date is specified, my thoughts are probably to execute use exec() with journalctl with applicable flags including -o json, wrapping the data with HTML as required for viewing, and creating a CSV file for the optional file feature.

 

The real time mode will be a bit trickier.  Since this will not be continuously running but only on a as-needed basis, I would like to keep it simple.  Options for PHP to access the data seem to be:

1. Directly reading sockets (sounds complicated).
   
2. Directly read the log files (how?) and use http://php.net/manual/en/book.inotify.php to determine when it was changed (sounds complicated).
   
3. cUrl requests to https://www.freedesktop.org/software/systemd/man/systemd-journal-gatewayd.service.html.  Security risk, however, I don't think it will ever be publicly accessible.
   
4. Use http://php.net/manual/en/function.proc-open.php to create a stream.
   
5. Call some sort of C library (sounds complicated)
   
6. Something else?
   

 

And then there is implementing how the webclient can access the data.  Options seem to be:

1. Bypass PHP and have the client directly query https://www.freedesktop.org/software/systemd/man/systemd-journal-gatewayd.service.html.
   
2. Store the log obtained in one of the above strategies into a session, and have the client periodically poll the server using HTTP.
   
3. Implement a websocket server.  I am only using a RPi, and am a little concerned about resources.
   
4. Something else?
   

As you can likely tell, I haven't really vetted this out, and am really just looking for a general direction at this time.  Thanks!

[kicken]

I'd probably just go for the gatewayd webservice and make it only accessible via localhost rather than via any network.

 

Otherwise, proc_open + a websocket connection seems like the next best option.

 

After that would be polling with some ajax requests for new data. journalctl has a cursor option that you can save on each request and pass back on the next poll to search for new log entries after the cursor.

[NotionCommotion]

Thanks kicken,  The gatewayd webservice is pretty impressive, and will most likely use it.  It comes with a UI http://10.120.11.40:19531/browse.  Couldn't figure out where to configure   ListenStream=[::1]:19531 to make accessible via localost only.  Since accessible by localhost only, you mean query it via PHP curl, and that a websocket would still be required?  If websockets, would you recommend using a framework such as ratchet over reactphp, or some other approach?  Even if no websockets required, I've wanted to try out websockets, and would appreciate recommended initial direction.